Normally, Kerberos would be integrated with PAM pam_krb5.so. It will attempt to acquire a Kerberos ticket based on your username and the password you supply. It can also use that to verify whether you are allowed to login, but that can be set to ignore if you just want the ticket. It needs to be added as both an auth and a session module, probably also password if you plan to keep your Kerberos password in sync with your desktop. If you plan to use Kerberos for verifying a user's login, you should also setup your keytab file at /etc/krb5.keytab with a key for host/hostname.example.com@EXAMPLE.COM replace hostname and example.com as appropriate for your environment.